Skip to content

Commit

Permalink
do not ship with a custom rng implementation
Browse files Browse the repository at this point in the history
  • Loading branch information
@xabbuh @fabpot
xabbuh authored and fabpot committed Jan 14, 2016
1 parent 5781bbc commit fcd3160
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 91 deletions.
1 change: 1 addition & 0 deletions composer.json
View file
Expand Up @@ -18,6 +18,7 @@
"require": {
"php": ">=5.3.3",
"doctrine/common": "~2.4",
"paragonie/random_compat": "~1.0",
"twig/twig": "~1.23|~2.0",
"psr/log": "~1.0"
},
Expand Down
91 changes: 1 addition & 90 deletions src/Symfony/Component/Security/Core/Util/SecureRandom.php
View file
Expand Up @@ -11,8 +11,6 @@

namespace Symfony\Component\Security\Core\Util;

use Psr\Log\LoggerInterface;

/**
* A secure random number generator implementation.
*
Expand All @@ -21,98 +19,11 @@
*/
final class SecureRandom implements SecureRandomInterface
{
private $logger;
private $useOpenSsl;
private $seed;
private $seedUpdated;
private $seedLastUpdatedAt;
private $seedFile;

/**
* Constructor.
*
* Be aware that a guessable seed will severely compromise the PRNG
* algorithm that is employed.
*
* @param string $seedFile
* @param LoggerInterface $logger
*/
public function __construct($seedFile = null, LoggerInterface $logger = null)
{
$this->seedFile = $seedFile;
$this->logger = $logger;

$isUnsupportedPhp = '\\' === DIRECTORY_SEPARATOR && PHP_VERSION_ID < 50304;

// determine whether to use OpenSSL
if (!function_exists('random_bytes') && ($isUnsupportedPhp || !function_exists('openssl_random_pseudo_bytes'))) {
if (null !== $this->logger) {
$this->logger->notice('It is recommended that you install the "paragonie/random_compat" library or enable the "openssl" extension for random number generation.');
}
$this->useOpenSsl = false;
} else {
$this->useOpenSsl = true;
}
}

/**
* {@inheritdoc}
*/
public function nextBytes($nbBytes)
{
if (function_exists('random_bytes')) {
return random_bytes($nbBytes);
}

// try OpenSSL
if ($this->useOpenSsl) {
$bytes = openssl_random_pseudo_bytes($nbBytes, $strong);

if (false !== $bytes && true === $strong) {
return $bytes;
}

if (null !== $this->logger) {
$this->logger->info('OpenSSL did not produce a secure random number.');
}
}

// initialize seed
if (null === $this->seed) {
if (null === $this->seedFile) {
throw new \RuntimeException('You need to specify a file path to store the seed.');
}

if (is_file($this->seedFile)) {
list($this->seed, $this->seedLastUpdatedAt) = $this->readSeed();
} else {
$this->seed = uniqid(mt_rand(), true);
$this->updateSeed();
}
}

$bytes = '';
while (strlen($bytes) < $nbBytes) {
static $incr = 1;
$bytes .= hash('sha512', $incr++.$this->seed.uniqid(mt_rand(), true).$nbBytes, true);
$this->seed = base64_encode(hash('sha512', $this->seed.$bytes.$nbBytes, true));
$this->updateSeed();
}

return substr($bytes, 0, $nbBytes);
}

private function readSeed()
{
return json_decode(file_get_contents($this->seedFile));
}

private function updateSeed()
{
if (!$this->seedUpdated && $this->seedLastUpdatedAt < time() - mt_rand(1, 10)) {
file_put_contents($this->seedFile, json_encode(array($this->seed, microtime(true))));
}

$this->seedUpdated = true;
return random_bytes($nbBytes);
}
}
3 changes: 2 additions & 1 deletion src/Symfony/Component/Security/composer.json
View file
Expand Up @@ -19,7 +19,8 @@
"php": ">=5.3.3",
"symfony/event-dispatcher": "~2.2",
"symfony/http-foundation": "~2.1",
"symfony/http-kernel": "~2.1"
"symfony/http-kernel": "~2.1",
"paragonie/random_compat": "~1.0"
},
"require-dev": {
"symfony/form": "~2.0,>=2.0.5",
Expand Down

0 comments on commit fcd3160

Please sign in to comment.